Starting with Chrome version 58 and Firefox version 48, using certificates without specifying the SAN (Subject Alternative Name) attribute will cause the “Your connection is not secure” error.
Self-signed SSL certificates don’t provide reliable data protection against malicious users. We recommend using SSL certificates that are issued from trusted certificate authorities like Comodo, Symantec, Thawte, etc.
To generate an SSL certificate with the SAN attribute, make sure you have OpenSSL installed on your system and do the following:
- Create a root CA certificate. It will be used to issue other certificates. Fill out the form that appears. When prompted, enter the Common Name that is the fully qualified domain name of your server:
sudo openssl genrsa -des3 -out /etc/ssl/private/rootCA.key 2048
sudo openssl req -x509 -new -nodes -key /etc/ssl/private/rootCA.key -sha256 -days 365 -out /etc/ssl/certs/rootCA.pem
- Create the /etc/ssl/v3.ext configuration file with the following content (where mydomain.com is the fully qualified domain name of your server):
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = mydomain.com
- Create a self-signed certificate using the configuration file and the root certificate. Fill out the form that appears. When prompted, enter the Common Name that is the fully qualified domain name of your server:
sudo openssl genrsa -out /etc/ssl/private/selfsigned.key 2048
sudo openssl req -new -key /etc/ssl/private/selfsigned.key -out /etc/ssl/certs/selfsigned.csr
sudo openssl x509 -req -in /etc/ssl/certs/selfsigned.csr -CA /etc/ssl/certs/rootCA.pem -CAkey /etc/ssl/private/rootCA.key -CAcreateserial -out /etc/ssl/certs/selfsigned.crt -days 365 -sha256 -extfile /etc/ssl/v3.ext
- When installing or updating ELMA365 or databases, the selfsigned.key key, the selfsigned.crt certificate, and the rootCA.pem root CA certificate are used.
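A check for the result of the steps above, as an added example that is not part of the original instructions: it builds a throwaway root CA in a temporary directory, issues one certificate with the v3.ext extensions and one without -extfile, and shows that both chain to the root but only the first carries the SAN. The helper names (has_san, chains_to, make_lab), the temporary paths and the unattended -subj values are assumptions made for the demo.

```bash
# Added example: throwaway CA and certificates in a temp directory (constructed data).
# Unencrypted keys and -subj are used only so the script runs without prompts.

# has_san CERT HOST: succeed only if CERT lists HOST as a DNS entry in subjectAltName.
has_san() {
    openssl x509 -in "$1" -noout -text \
        | grep -A1 'Subject Alternative Name' | tail -n 1 \
        | tr -d ' ' | tr ',' '\n' | grep -Fxq "DNS:$2"
}

# chains_to CERT CA: succeed only if CERT verifies against the root certificate CA.
chains_to() {
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

# make_lab DIR HOST: build a root CA, then issue one certificate with the
# extension file and one without it, both from the same CSR.
make_lab() {
    dir=$1 host=$2
    cat > "$dir/v3.ext" <<EOF
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = $host
EOF
    openssl genrsa -out "$dir/rootCA.key" 2048 2>/dev/null
    openssl req -x509 -new -key "$dir/rootCA.key" -sha256 -days 1 \
        -subj "/CN=Constructed Test Root" -out "$dir/rootCA.pem"
    openssl genrsa -out "$dir/server.key" 2048 2>/dev/null
    openssl req -new -key "$dir/server.key" -subj "/CN=$host" -out "$dir/server.csr"
    openssl x509 -req -in "$dir/server.csr" -CA "$dir/rootCA.pem" -CAkey "$dir/rootCA.key" \
        -CAcreateserial -days 1 -sha256 -extfile "$dir/v3.ext" -out "$dir/with_san.crt" 2>/dev/null
    openssl x509 -req -in "$dir/server.csr" -CA "$dir/rootCA.pem" -CAkey "$dir/rootCA.key" \
        -CAcreateserial -days 1 -sha256 -out "$dir/no_san.crt" 2>/dev/null
}

lab=$(mktemp -d)
make_lab "$lab" mydomain.com
for c in with_san no_san; do
    if chains_to "$lab/$c.crt" "$lab/rootCA.pem" && has_san "$lab/$c.crt" mydomain.com
    then echo "$c.crt: chains to root, SAN present"
    else echo "$c.crt: REJECT (missing SAN or broken chain)"
    fi
done
rm -rf "$lab"
```

To check a certificate produced by the steps above, call has_san and chains_to with /etc/ssl/certs/selfsigned.crt and /etc/ssl/certs/rootCA.pem.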